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Abstract 

Key Assignment Schemes (KASs) have been extensively studied in the context of cryptographically- 
enforced access control, where derived keys are used to decrypt protected resources. In this paper, 
we explore the use of KASs in entity authentication protocols, where we use derived keys to encrypt 
challenges. This novel use of KASs permits the efficient authentication of an entity in accordance 
with an authentication policy by associating entities with security labels representing specific ser- 
vices. Cryptographic keys are associated with each security label and demonstrating knowledge of 
an appropriate key is used as the basis for authentication. Thus, by controlling the distribution of 
such keys, restrictions may be efficiently placed upon the circumstances under which an entity may 
be authenticated and the services to which they may gain access. 

In this work, we explore how both standardized protocols and novel constructions may be de- 
veloped to authenticate entities as members of a group associated to a particular security label, 
whilst protecting the long-term secrets in the system. We also see that such constructions may allow 
for authentication whilst preserving anonymity, and that by including a trusted third party we can 
achieve the authentication of individual identities and authentication based on timestamps without 
the need for synchronized clocks. 

Keywords: Key assignment scheme, entity authentication, membership authentica- 
tion, authentication policy 

1 Introduction 

Key Assignment Schemes (KASs) have been studied since the work of Akl and Taylor [T] as a means 
of permitting an entity to derive many cryptographic keys by combining a small number of keys in 
its possession with knowledge of some publicly available information. Traditionally, such schemes are 
used to support cryptographically-enforccd access control, particularly for information flow policies; in 
this setting, derived keys are used to decrypt protected resources. However, we believe that KASs can 
also play a role in entity authentication protocols by using the derived keys as encryption keys instead. 
In this paper, we investigate methods by which KASs may be integrated into existing, standardized 
authentication protocols in order to authenticate an entity as a member of a specified group. Associating 
groups with specific services can allow for more control to be exerted over the conditions under which an 
entity may be authenticated, such as allowing authentication only during certain time periods (during 
working hours, for example) or if the entity has been assigned a specific security clearance. We shall also 
see that a KAS can help protect the long-term secret key in a distributed system, and allow a particular 
form of authentication to occur whilst preserving the anonymity of entities. 

This paper focuses on two-party symmetric-key authentication protocols wherein we replace the usual 
long-term, shared key with one derived from a KAS construction. Authentication is achieved by con- 
structing a fresh message using this shared secret. Keys in a KAS are associated with particular security 
labels which could represent security classifications, time periods or geo-spatial locations for example. 
Thus, by making appropriate choices of labels and KAS constructions, we can require the claimant to 
demonstrate knowledge of keys (derived from the shared KAS secret) which satisfy an authentication 
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policy for the system. A claimant can achieve this if and only if they have been provided with an appro- 
priate KAS secret and is, therefore, able to derive the necessary keys. We note that the use of a KAS 
instantiated with labels chosen according to an authentication policy can go some way towards authen- 
ticating an entity's identity and establishing authorization credentials simultaneously during a single 
protocol run. In addition, we argue that the traditional process of determining authorization uses entity 
authentication primarily as a means to perform a look up on the identity and the associated permissions 
to determine whether the claimant should be allowed to use the service in question. To this end, in this 
work we adapt entity authentication protocols such that they do not necessarily verify individual identity 
but instead demonstrate that the claimant is associated with a specified set of permissions, and do so in 
a manner that requires the claimant to prove that association, thereby reducing the verifier's workload. 

The remainder of this paper is organized as follows: we begin by providing a brief introduction to 
graph-based access control policies and key assignment schemes, before discussing how several standard- 
ized protocols may be extended using a KAS to prove membership of a group associated with a set of 
security labels. We then investigate novel constructions to provide authentication using timestamps, as 
well as how a Trusted Third Party (TTP) may be introduced to verify individual entity identities. 

2 Background 

First we introduce some notation to be used in the remainder of this paper. The statement A — > B : m 
is to be interpreted as: entity A sends the message m to entity B, whilst a message of the form {m} K 
means that the plaintext m has been encrypted under the key k, and H{m) denotes the output of a 
cryptographic hash function H applied to the message m. Finally, we write ka,b to denote a symmetric 
key shared by entities A and B, while ta denotes a time-stamp and tja a nonce (number used only once), 
both created by entity A. We write to denote the set of consecutive integers {«,... , j}. 

2.1 Graph-based access control policies 

A partially ordered set, or poset, is a set L equipped with a binary relation ^ such that for all x,y, z £ L 
the following conditions hold: x ^ x (reflexivity) ; if x ^ y and y ^ x then x = y (anti-symmetry); and 
if x ^ y and y ^ z, then x ^ z (transitivity). 

We may write x < y if x ^ y and x ^ y, and write y ^ x if x ^ y. We say that x covers y, written 
y < x, if y < x and no z exists in L such that y < z < x. The Hasse Diagram of a poset (L, ^) is the 
directed acyclic graph (L, <) wherein vertices are labelled by the elements of L and an edge connects 
vertex v to w if and only if w < v. We write C n to denote the chain (total order) on n elements; we 
write T n to denote the poset ({[i, j] : 1 ^ i ^ j ' ^ n}, C) and we write 2l"l to denote the powerset of n 
elements. Figure [1] shows Hasse diagrams for C 4 , 2 P] and T 4 . 

Let U be a set of entities in a distributed system, O be a set of resources to which access should be 
restricted by a policy, and (L, ^) be a poset of security labels. Also, let A : U U O — >• L be a labelling 
function assigning a security label to each entity and object. The tuple (L, ^,11,0, A) then denotes an 
information flow policy which can be represented by the Hasse Diagram of (L,^). Henceforth we shall 
refer to such policies as graph-based access control policies. The policy requires that information flow 
from objects to entities preserves the partial ordering relation; for instance an entity u G U may read 
an object o € O if and only if A(it) ^ A(o). Note that this statement is the simple security property of 
the Bcll-LaPadula security model [1] . The enforcement of a graph-based access control policy prevents 
an entity assigned clearance label x from accessing objects classified with label y if y > x. Posets of the 
form shown in Figure [1] have been used extensively as the basis for graph-based access control policies, 
notably in the Bell-LaPadula model and in temporal access control [5] . 

2.2 Key assignment schemes 

A key assignment scheme provides a generic, cryptographic enforcement mechanism for graph-based 
access control policies in which a unique cryptographic key is associated to each node (representing a 
security label) in the graph (L, ^). Akl and Taylor pQ introduced the idea of a KAS to manage the 
problem of key distribution by allowing a trusted center to distribute a single cryptographic key, k(x), 
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Figure 1: Example Hasse diagrams 

to each entity. The entity may then combine knowledge of this secret key with some publicly available 
information in order to derive additional keys n{y). 

Henceforth, we write k x to represent the cryptographic key k(x). A well-known KAS construction 
publishes encrypted keys. In particular, for each directed edge (x, y) in the Hasse diagram, {k v } Kx is 
published. Then for any x > y, there is a (directed) path in the Hasse diagram from x to y and the key 
associated with each node on that path can be derived (in an iterative fashion) by an entity that knows 
k x . This type of scheme has been called an iterative key encrypting (IKE) KAS [5]. 

A fundamental security property of a KAS is that it should be secure against key recovery [2J: that 
is, the derivation of k v from a set of keys n Xl , . . . , K Xn should be possible if and only if there exists i 
such that K Xi > y. This property asserts that a set of users cannot recover a key for which no one of 
them isn't already authorized. An IKE KAS is known to be secure against key recovery provided the 
encryption function is chosen appropriately [2J. 

Specific choices of the poset of security labels give rise to the information flow policies made famous in 
the Bell-LaPadula model ,T and temporal access control policies, wherein an entity is permitted to derive 
cryptographic keys referring to specific intervals. For example, Figure [Tc] illustrates a temporal poset 
where the leaf nodes represent specific time periods, and an entity is provided with the key relating to an 
interval (non-leaf node in the tree), from which it is possible to iteratively derive keys for the children. 
A survey of existing generic schemes is given in [§] whilst further details of temporal access control and 
more general interval-based schemes can be found in [5] and [5]. 

3 Applying KASs to standardized authentication protocols 

As we have seen, KASs have been used to enforce graph-based access control policies, where a protected 
object is encrypted with the key associated with the object's security label and an entity may (if au- 
thorized) derive the key to decrypt the object. However, we could also use derived keys for encrypting 
messages. Given that many authentication protocols use symmetric encryption to respond to challenges, 
we now explore how we can use KASs to build novel authentication protocols. 

Traditional Entity Authentication. Consider, for example, Protocol [T] [T2J Mechanism 2] - a uni- 
lateral, challenge-response authentication protocol - in which the verifier B sends a nonce r]B to the 
claimant A (message 2)0 By encrypting a plaintext that includes the nonce (message 3), the claimant 
demonstrates knowledge of the shared secret key ka,b and the verifier knows that the message cannot 
be a replay. A protocol in which the claimant encrypts a timestamp (Protocol |4] 12, Mechanism 1]) 
requires fewer messages. However, such a protocol requires the claimant and verifier to have (loosely) 
synchronized clocks and for there to be some "window of acceptability" for timestamps. Mutual au- 
thentication can be achieved by requiring both parties to encrypt a message containing a nonce (Pro- 
tocol [2] [T21 Mechanism 4]). A similar mutual authentication protocol using timestamps can easily be 
designed (Protocol[5] [12, Mechanism 3]). Finally, in addition, a protocol may provide authenticated key 

1 Protocols [TT [2l [41 and l5l are taken from the ISO standard 12^. Some textual fields have been omitted from protocol 
descriptions in the interests of clarity and brevity. Protocol [3] is based upon the AKEP1 protocol [5]. 
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exchange (Protocol [3]) by including a session key in the verifier's response (message 2). Notice that the 
protocols presented here use an authenticated encryption scheme to protect certain messages, in order 
to verify that only an entity in possession of a valid cryptographic key could create the message and 
that it has not been maliciously altered. The protocols presented here could be modified to use a MAC 
(computed using the symmetric key), or other suitable cryptographic primitives if desired. 



Protocol 1 Protocol 2 Protocol 3 

A -> B: Hi A -> B: r/ A A -> B: r/ A 

B^A-.tjb B -> A: {r, Al r, B ,A} KAB B -> A: { VA , ij B , A, B, k s } 

A -> B: {»?B,B} BAifl A -> B: {vb,Va} ka b A -> B: A} KA B 



Protocol 4 Protocol 5 

A^B: {r A ,i?} KAs A -+ B: {r A , B} KA fl 



Figure 2: Entity authentication protocols 



Authentication using KASs. We now consider how these protocols can be modified to make use of 
keys derived from a KAS. We assume the existence of a graph-based authentication policy (L, ^, U, S, A) 
which we define in an analogous manner to graph-based access control policies (see Section 12. 1} : U is a 
set of entities, S is a set of services and L is a set of distinct security labels that forms a poset under the 
relation ^; \ : U U S — > L is a function that assigns a security label to each entity and service. Here, the 
term service is used to denote the claimant's intended interaction following the successful completion of 
the authentication protocol: i.e. we assume the claimant wishes to authenticate in order to be permitted 
to interact with the service (for example, logging in to the system or sending a document to a print 
server). We also assume the existence of a KAS associated with the graph-based authentication policy. 

In the following protocols, we replace the symmetric key k a ,b used in the protocols in Figure [5] 
with a key derived from a KAS. We assume that a trusted center initiates the setup of the system: 
defining a poset of security labels and a graph-based authentication policy, and instantiating the KAS 
construction. As an entity, u, joins the system, they are assigned a security label X(u) and given the 
associated cryptographic key K\r u \. Henceforth, the entity may combine knowledge of this key with the 
public information from the KAS to derive all keys n x such that x ^ A(m) - that is, all keys that u 
is permitted to learn in accordance with the authentication policy. Thus, the entities are assigned to 
groups, each associated with a particular security label and therefore permitted to interact with a specific 
service. 

Note that we may define an equivalence relation on U, where u ~ u' if and only if \(u) = X(u'). 
The equivalence relation induces a set of equivalence classes on U: for each the equivalence class 

U x denotes the set of users having security label x. The aim of the claimant, then, is to demonstrate 
membership of the group (equivalence class) associated with a particular security label. The claimant 
does this by deriving and using the appropriate key to encrypt a challenge chosen by the verifier. 

3.1 Challenge-response protocols 

We begin by extending Protocols Q] and [5] to make use of a KAS. Note that correctly encrypting the 
challenge demonstrates knowledge of k v , which means that any entity with security label w ^ v could 
compute this challenge. This authentication protocol is weaker in some sense than conventional au- 
thentication protocols in that it only proves that the claimant belongs to a group U w , for some w ^ v. 
However, this form of authentication will suffice for many applications, in particular those applications 
for which no subsequent auditing or attribution of actions to individuals is required. Note also that 
conventional authentication may be thought of as a degenerate case of KAS-based authentication, in 
which the graph is an unordered set of labels, one label per entity. 
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Protocol 6 



Protocol 7 



Protocol 8 



A -)• B: v A -> B: Hi A ->• B: u, ?^ 

B^A-.r/B B^A:v,r) B B -> A: {n A , r] B , A} K ,w 

A -> B: {t/b.B}^ A -> B: {r, B , A B: {77.4, 



Figure 3: Challenge- response authentication protocols using a KAS 



Protocol [6] illustrates one method for incorporating a KAS into a unilateral authentication protocol. 
We notice that the overall structure of the protocol is very similar to the traditional case in Protocol [1] 
however the claimant now presents the verifier with a security label, v, for which she wishes to be 
authenticated for example, this label could represent credentials that A claims to have, or could 
contain a description of the desired service (the name or type of system she is attempting to log into, for 
example). Instead of using a symmetric key shared by the claimant and the verifier, the claimant now 
derives and uses the key, k v , associated with the chosen security label using the KAS. Given that the 
claimant is provided with the cryptographic key K\tA) by the trusted center, it will be possible to prove 
knowledge of k v if and only if they can derive k v from 

The use of a nonce to demonstrate freshness is still important (even if the security label is chosen to 
be the current time) since all keys Kj for i ^ A (A) may be derived ahead-of-time once the trusted center 
has distributed the key K\(a) an d made the public information available. We will see in Sections 13.21 
and !4.2l some other techniques to ensure the timeliness of the response. On receipt of the initial message 
from the claimant with the requested security label, the verifier must ensure that the label satisfies the 
authentication policy for the requested service and that the verifier himself is authorized to proceed with 
the authentication (i.e. he has security clearance at least that of the chosen label: X(B) v). We will 
shortly see a method to handle the case in which the chosen label is not suitable for the protocol to 
proceed, by negotiating security labels. 

Protocol [S] is initiated by the claimant providing a security label on which they would like to be 
challenged - we say it is an claimant- selects-label (CSL) protocol. In some situations, it may be prefer- 
able to have a verifier-selects-label (VSL) mechanism where the verifier chooses the necessary security 
label before issuing the challenge, as shown in Protocol [7] For example, this may be beneficial in an 
environment where the required security label for all protocol runs will be equal and hence it may be 
more efficient for a verification server to issue the challenge than to check that labels chosen by claimants 
are sufficient. On the other hand, the CSL method may be more suitable in environments where peer- 
to-peer interactions are common, or the choice of services available is greater and therefore unknown to 
the verifier at the beginning of the protocol run. 

Mutual authentication can be achieved in a similar fashion, as shown in Protocol [8] Note that both 
parties choose a security label (in a VSL manner) to challenge the other participant. In practice, it is 
likely that the labels will be chosen such that v — w but it is conceivable that one entity should be of a 
higher security level (for example an employee submitting a report to a superior). 

Protecting keys. In traditional entity authentication protocols, the claimant demonstrates knowledge 
of a long-term shared secret key. In the KAS authentication protocols discussed here, however, the long- 
term secret key is the key issued to the entity upon joining the system, and the protocols use derived 
keys instead. Thus, if we restrict the challenge security labels to relate only to derived keys (and not 
those issued to entities), the long-term secret is never used for encryption and is therefore protected from 
known-plaintext attacks. In addition, it may be advantageous to ensure that only the trusted center may 
have possession of the key associated with the root node of G, whilst entities are issued with non-root 
nodes. Thus, if a entity is compromised, it may only reveal the subset of keys derived from those in its 
possession, while preserving the security of other keys in the KAS. 

We note that Protocol |5] provides an adversary with a plaintext-ciphertext pair which may expose 
the derived KAS key k v . This is because the final message is an encryption of the verifier's identifier 
(which we assume to be public knowledge) and the nonce which has been previously distributed in the 
clear. To avoid this, we could encrypt the nonce in the second message using the KAS derived key and 
require that the claimant prove knowledge of the plaintext value of the nonce (and thereby knowledge 
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of the decryption key) as shown in Protocol [9] 



Protocol 9 



Protocol 10 



A -> B: v 

B -> A: {r?B} K , 

A^Bi^b^L 



A -> B 
B -> A 
A -» B 



v 

{vb} Kv 
{Vb,B} Ks 



Figure 4: Challenge-response authentication protocol using a KAS with protected nonce 



Authenticated key exchange. Protocol |3] may be extended to use a KAS in the obvious way, in 
order to distribute a session key, security label or a key relating to a specific group (or interval) from 
which many session keys may be derived. A session key, as defined in [5], should have the property that 
compromising one session key should not reveal information about any other session keys. Clearly, this 
could have implications for our system since the disclosure of a KAS key, could allow for the undesired 
derivation of other keys. Thus, we must ensure that if session keys are chosen to be from a KAS 
construction, they should be leaf nodes (thus preventing further derivations) or the derived children of 
the given node must be distinct from session keys used elsewhere in the system. Also it is important to 
note that, if the session key is protected by the key k v , any member of a group associated with a label 
w ^ v could learn the key. However, by definition, all members of the group associated with label v are 
authorized for services at that level and so session keys may be required only to protect the service from 
non-members. 

Alternatively, a session key could be derived from information shared during a protocol run. By 
protecting the nonce, as in Protocol^ the participants now have a shared secret value. This could then 
be used to derive additional session keys using a pseudorandom function, in much the same way as the 
pre- master secret is used in the SSL/TLS protocol. Protocol [10] illustrates the use of such a derived key 
k s to encrypt the final message. We can extend this to a mutual authentication protocol in which both 
entities provide inputs (nonces) that are used in the derivation of the session key, and hence its value is 
not determined by any single entity. 

Security label negotiation. In a CSL protocol, it is conceivable that the chosen security label may be 
insufficient to prove authority for the desired service, or that the verifier may not have sufficient authority 
to carry out the authentication (the verifier must also at least be a member of the group associated with 
the challenge label in order to verify the response message; that is, we require X(B) ^ v). On the other 
hand, if the verifier issues the challenge label (VSL), it may be that the claimant is not able to derive 
the required key but would instead like to authenticate at a lower level. Therefore, it is important that 
the protocols allow for the negotiation of security labels to enable both parties to agree upon a mutually 
known key to form the challenge. 



Protocol 11 

A -> B: v 

B -» A: r) B ,X(B) 

A -> B: w,{t] B ,B} 



Figure 5: Challenge- response authentication protocol with security label negotiation 

Protocol im illustrates such negotiation for a unilateral CSL challenge-response protocol. We assume 
that v ^ A(A) (else A knows she can't meet the challenge) and that v > X(B) (i.e. B docs not have the 
requisite clearance to carry out the authentication for the chosen label) . We also assume that w is chosen 
such that w ^ A(-B) and w ^ A(A), and that w is at least equal to the required security clearance for the 
service according to the authentication policy. When presented with the challenge label v, the verifier 
responds with the chosen nonce as well as the maximal label that he is authorized to authenticate. The 
claimant then chooses a new label w which is acceptable to both parties - that is, w should be the 
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greatest common descendent of v and X(B) (computed, for example, using a least common ancestor 
algorithm on the 'inverted' Hasse diagram of the poset of security labels i.e. the Hasse diagram where 
the ^ edge relations have been reversed to give relations). Note that it is important that the claimant 
be treated as an entity of security clearance w for the duration of the service, and not of the originally 
requested label If no such descendent can be found then the protocol should be terminated since the 
verifier is unable to authenticate the response. 

3.2 Time- variant parameter protocols 

We now turn our attention to authentication protocols that make use of time-variant parameters to 
ensure that the claimant is alive and actively participating in the protocol run. There are two forms of 
time-variant parameters - timestamps and sequence numbers. Both require the protocol participants to 
share some state: in the case of timestamps, the two parties must have loosely synchronized clocks; in 
the case of sequence numbers, the parties must keep track of the last sequence number used in a protocol 
run. In this section, we will consider the case when timestamps are used. Our protocols can be modified 
very easily to accommodate the use of sequence numbers. 

Protocol [T2] provides one-pass unilateral CSL authentication using a KAS in conjunction with a time- 
stamp. On receipt of the message from the claimant, the verifier must check that the ciphertext is valid 
and the timestamp is within an acceptable window of a synchronized clock. Thus, the verifier is assured 
that the claimant has constructed a fresh message using the secret key associated to the group v, and 
hence the claimant is authenticated as a member of the group. Similarly, Protocol 1131 provides mutual 
authentication of both parties by symmetrically running two instances of the unilateral protocol. As 
before, some negotiation of security labels may be required for authentication to terminate successfully. 



Protocol 12 Protocol 13 



A^B:v,{t a ,B} Kv A^B:v,{t a ,B} Kv 
B A: w, {t b , A} 



Figure 6: Timestamp-based authentication protocols using a KAS 



4 Extended functionality using KASs 

In the previous section, we have seen how a KAS may be applied to standardized authentication proto- 
cols to authenticate an entity as a member of a group associated to a particular security label. We now 
investigate how particular choices of {L,^) and minor modifications to the protocols give rise to inter- 
esting forms of authentication. We see how time-stamp based authentication can be achieved without 
shared state or synchronized clocks, and how a third-party may be introduced in order to authenticate 
individual entity identifiers and provide authenticated key exchange. 

4.1 Time-stamp based protocols without shared state 

In Section 13.21 we saw how conventional authentication protocols that use timestamps could be modified 
to make use of KASs. However, we can use a poset to model logical time. In particular, we can use 
a poset of the form T n (see Figure |Tc]) in order to verify that a claimant is permitted to authenticate 
at a certain point in time using one of the challenge-response protocols discussed in Section 13.11 The 
verifier using a VSL protocol, for example, issues a challenge for the label associated with the current 
time period t, which the claimant may only encrypt correctly if she can derive Kt- She can only do this 
if she was issued with a key for an interval that contained t by the trusted center. This could be useful 

2 To see this, suppose otherwise that we have the labels x ^ y ^ z and that \(A) = y and \{B) = x, then A requests 
authentication on label z which is refused by B (since he is not of sufficient clearance) and the protocol negotiates a 
challenge for label x which A can satisfy. A would then be treated as clearance z (as requested) despite only proving 
knowledge of k x , which would constitute a breach of security. 
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for time-bounded 'guest access' to a system. Notice that the use of temporal security labels acting as 
logical timestamps in this fashion removes the requirement for shared state and synchronized clocks. 

A natural extension is the construction of a KAS over the poset L x T n , where L is the poset of 
security labels in the graph-based authentication policy and T n is a poset of temporal intervals. In this 
construction, the number of nodes increases to \L\ x \T n \ and hence storage costs increase accordingly, 
but the worst case derivation time is only \L\ + \T n \. The advantage of using such a poset is that the 
claimant can present a security label v and either use the current time period, t, or one chosen by the 
verifier (or equivalently a time interval), and the challenge is to derive the appropriate key K( v ,t) £ LxT n . 
Thus we can prove membership of a group and authorization for the given time period simultaneously 
(for example, to enforce that a database system may be accessed only by entities with a certain clearance 
and only during office hours). 



4.2 One-round protocols without synchronized clocks 

We can construct a one- round authentication protocol (Protocol H2j) but the protocol assumes that the 
claimant and verifier maintain (loosely) synchronized clocks. In this section, we investigate a method 
by which one-round authentication may be achieved without this requirement through the use of pre- 
published tokens and the time-specific release of information. The advantage of such a protocol, in 
addition to reducing the pairwise communication costs, is that the verifier is not required to generate, 
store and check a unique challenge per protocol run, but rather can associate a unique challenge with 
each service and time period. Also, the construction presented here leads to an efficient, centralised 
authentication system in which many verifiers may publish to the same repository of tokens (for many 
different services, time periods and security levels) and there is a single trusted party responsible for 
publishing time-specific information. 




Protocol 14 



B publishes: {j7r}„ 

TTS broadcasts: yt,t' at time t 

A -> B: {B, VB ,VA} K[to Hy 



Protocol 15 



B publishes: |??r,w}„ 

TTS broadcasts: ytj' at time t 

A -> B: {B, Vb ,Va} k „ 



Figure 7: A construction for a one-round authentication protocol using pre-published tokens 



Figure [7] shows an example of a temporal Hasse diagram which may be used in our construction. 
Notice that it may be viewed as a copy of T n reflected in the x-axis and joined to its reflection by a 
number of dashed edges. A KAS is instantiated over the complete Hasse diagram in which the public 
information used for key derivation are labels, y%,j, associated with each edge G E. The public 

information associated with solid edges in the figure is published during the initialization of the system, 
whereas the information associated to the dashed edges will be released individually at suitable points 
in time. We refer to these dashed edges as temporal edges and to the associated information as time 
instant key ciphertexts (TIKCs). The TIKC yt,v is broadcast by a Trusted Time Server (TTS) at 
time t. For example, if the KAS construction is an IKE KAS, where the public information is the set 
Pub — {{k v } k : y < x}, then the TIKC published at time t will be y t .t< = { K t'} Kt - 

Protocol li4l illustrates how this poset may be used in a one-round authentication protocol. The verifier 
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publishes a token, {t]b} k , in a public repository (or otherwise makes it available to the claimant). 

This token is valid for a particular window of acceptance, [to, t\] , and use of the nonce contained within 
it by a claimant will demonstrate liveness during that interval, as we shall see shortly. Thus, we must 
ensure that only authorized entities (according to the authentication policy) are able to decrypt the 
token in order to retrieve the nonce. The receipt of a message containing the nonce is then sufficient to 
authenticate the claimant as both authorized and alive. The verifier can make available multiple tokens 
associated with varying windows of acceptability depending on the security requirements for the related 
service. For instance, the token for a highly time sensitive service, or where the compromise of a key will 
have severe consequences, may be encrypted with the key associated to a small interval in the lower half 
of the Hasse diagram, whilst a less critical service could use a longer window of acceptance. 

Determining liveness. The token is encrypted using a key relating to a node in the lower half of the 
poset illustrated in Figure [7] Upon joining the system, the claimant is issued with a key k v associated to 
a node v in the upper half of the Hasse diagram, allowing for the derivation of keys for all descendants of 
v, that is {k w : w ^ v}. Thus, an authorized entity may derive keys relating to a number of 'leaf nodes 
(individual time periods) of the upper poset but may not derive any keys associated with the lower half 
of the graph as the temporal edge labels are not yet publicly available. 

Once the TTS broadcasts the TIKC yt t t< at time t, a claimant that can derive the key associated 
with 'leaf node t in the upper poset is then able to derive the key associated with the node t'. Notice 
that the nodes in the lower half of the graph can be thought of as the "disjunction" of individual time 
periods - that is, knowledge of the key n t > for an individual time period t' allows for the derivation of 
any key associated with an interval containing t' . For example, to derive the key associated with the 
interval [1,3] , one must be able to derive Ky or or . 

By this means, a token with specified interval [to,ti] may not be decrypted until the TTS publishes 
a TIKC at a time t £ [to,t{\ but only one such TIKC is required to successfully access the nonce. 
Thus, on receipt of a valid message containing the nonce, the verifier is assured that the claimant was 
actively engaged in the system in order to receive the TIKC at some point during the specified window 
of acceptance, and this is achieved without requiring synchronized clocks. 

Determining authorization. The message from the claimant is encrypted using the time-interval 
key K[ to tl ]'. Encryption is important to prevent unauthorized entities from learning the nonce and hence 
authenticating in a future protocol run, whilst the claimant's nonce is included to make the plaintext 
unique to this interaction and thus not susceptible to a replay attack. Note that the verifier must check 
that this nonce has not been received before in relation to this token. 

Additionally, rather than using the same interval key to encrypt both the token and the claimant's 
message, the token could contain a security label relating to a key that the claimant must use for 
encryption, as shown in Protocol 1151 By this means, the verifier can ask that the claimant is authorized 
for and alive at some point during the window of acceptance and also authorized for a particular time 
period (or other security classification). For instance, suppose the claimant is authenticating to a Ticket 
Generating Server which will provide a ticket with a validity lifetime equal to the window of acceptance, 
[to,ti] ■ Thus, Protocol RH1 would ensure that the claimant is authorized for and alive at any point in 
the window of acceptance, but by including the label [io,ii] (relating to the upper poset) in the token 
(as in Protocol [15]) . the verifier also requires that the claimant has knowledge of the key «[t 0) ti] and is 
therefore authorized for the entire interval. 

Finally, it is important that the verifier maintains a list of tuples (t]b, ti), where t\ is the end-point of 
the window of acceptance, and for each protocol run must check that the end-point for the given token 
has not passed. This is because the TIKCs are broadcast publicly and hence malicious entities may store, 
or be given, TIKCs for use in future protocol runs. 

Generalization to arbitrary posets. Notice that the upper half of the KAS construction in Figure[7] 

was chosen to be a temporal poset mirroring that of the lower half, hence requiring that the claimant 
is permitted to authenticate during the window of acceptance (else they could not derive the individual 
time period keys to which the current TIKCs relate). However, any graph-based authentication policy 
is equally suitable, as long as the appropriate relations ('temporal edges') are created between the upper 
and lower constructions in the Hasse diagram. 
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Protocol 16 Protocol 17 



A B: Hi A ->■ B: Hi 

B -> TTP: A B -> TTP: A 

TTP -y B: Vb)} Kb TTP -> B: {775, k s } K[ 

B^A:v,T] B B -> A: v,{i] B } K 

A -> B: {^,5,^(^,^)1 A -> B: {775, B}" 



Figure 8: Authentication protocols using a KAS with a TTP 



More formally, suppose we have a graph-based authentication policy (L, ^) and the temporal poset 
of acceptance windows (T n , D) (the bottom half of the poset in Figure[7]), with Hasse diagrams H(L, E) 
and H(T n , D) respectively. We also identify a set of temporal edges: £*CLx [~T n ] where |~T„] = {[i, i]' : 

During the initialization of the system, the trusted center publishes information associated with the 
edges in each of the two Hasse diagrams. At time t, the TTS publishes TIKCt, the set of information 
that enables, for each temporal edge {x,t') G E*, the derivation of Kf from k x . For example, if using 
the IKE KAS scheme, TIKCt = {{**'} Kx : (x,tf) G E*}. As each TIKC is published, the two Hasse 
diagrams become increasingly connected by the temporal edges and the protocols defined above proceed 
as before. 

4.3 Verifying identity using a trusted third party 

In the preceding sections, we have seen how KASs may be used to solve the generalized problem of 
verifying membership of a group associated with a specific security label. In this section, we aim to 
achieve the special case more commonly found in entity authentication protocols - that of proving a 
claim of an individual identity. An example use of such a protocol would be the act of logging into 
a secure database where a KAS is used to prove clearance but knowledge of the claimant's identity is 
required for recording in an audit trail. Of course, this may be achieved using the techniques presented 
above by treating entity identifiers as security labels and partitioning entities into groups of one. Thus, 
we create a large KAS with a leaf or branch pertaining to each entity, but this could be prohibitively 
expensive due to the large number of keys and public storage required. Instead, we now employ a Trusted 
Third Party (TTP) which provides additional information to the verifier that may be used to check the 
claimant's identity. Protocol [H)] illustrates this technique, wherein both the entities A and B share a 
symmetric key, ka and Kb respectively, with the TTP. Note that the trusted center responsible for 
the KAS and the TTP used here may belong to different security domains - that is, we have a group 
attribute provider who is authoritative on membership of security groups, and an identity provider who 
is authoritative on identities. In particular, the TTP may be independent of the authentication system 
and entities may register their identity once with a global identity authority that acts as the TTP with 
many different authentication systems. 

In this protocol, entity authentication proceeds much as in the unilateral case, but once the claimant 
has initiated the protocol, the verifier seeks further information from the TTP. The TTP responds by 
choosing a nonce rjs and constructing a digest using the shared key ka and r\B- The TTP concatenates 
this digest with the challenge and encrypts the message using the key the TTP shares with the verifier 
kb- For concreteness, the digest in Protocol is computed as H{ka,tib) 1 where H is a cryptographic 
hash function. The inclusion of the nonce in the hash prevents the verifier from using it in a future 
protocol run to impersonate the claimant, whilst the encryption prevents an adversary with a different 
identifier but in the same authorization group as A (and hence also with access to the challenge key 
k v ) from intercepting the digest and encrypting it in the final message to successfully impersonate A. 
The verifier forwards the nonce to the claimant along with a challenge security label v. The claimant 
responds by recreating the hash value using the received nonce and the symmetric key ka it shares with 
the TTP and encrypting the result with k v . Assuming the two hash values match, the verifier may 
be assured that the received digest could only have been created if the claimant had knowledge of ka, 
assumed to be known only to A and the TTP. Thus, if the claimant's hash value matches that created 
by the TTP then the verifier may be assured both that the claimed identity is correct, and that the 
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claimant is authorized since the message was encrypted with k v . 

Ticket-based protocols. Many entity authentication protocols in large multi-user systems use a TTP 
to reduce the number of cryptographic keys required. Rather than every pair of entities holding a 
pre-agreed secret key, each entity shares a symmetric key with the TTP and uses this to both authen- 
ticate themselves and to agree a session key for subsequent communication between the parties. In 
Kerberos [15] . for example, a user authenticates themselves to an Authentication Server (AS) using 
knowledge of a long-term secret (usually the user's password) and receives a ticket which can be used 
to access a service, or to gain additional tickets from a Ticket Granting Server (TGS). The ticket issued 
authenticates the entity for a specified lifetime, which is reminiscent of a temporal KAS in which the 
entity can derive valid keys for a specified period of time. Modifying the Kerberos protocol to use a 
KAS, therefore, could achieve the same functionality whilst removing the responsibility for checking the 
validity of the ticket at the current time from the TGS. Instead, the entity would only be able to use 
the current time period key if the key issued to her by the AS allows for its derivation, and therefore the 
use of that key implicitly proves authorization. In addition, proving knowledge of an interval key in a 
temporal KAS construction could lead to the issuing of a ticket valid for the given interval. Early versions 
of Kerberos were vulnerable to a known plaintext attack [25| which revealed the user's password (the 
long term secret). A KAS can mitigate this risk in similar protocols by using derived keys instead of the 
long term secret and thus, even if such an attack succeeds, only a single key is lost and non-descendant 
keys remain secure. 

Authenticated key exchange. Finally, note that the digest constructed by the TTP is computed 
over the nonce and hence is unique to this protocol run. Therefore it could be used as a session key for 
subsequent communication as illustrated in Protocol 1171 where n s = H(ka,t]b)- The claimant proves 
knowledge of the group key k v by decrypting the nonce and including it in the response. By encrypting 
the response using the session key, the verifier gains key confirmation. 

5 Related work 

We have already discussed and referenced many of the major developments and relevant work on Key 
Assignment Schemes in Section 12.21 In this section, we focus on related work in authentication and 
time-specific encryption. 

Anonymous and membership authentication. There has been a significant amount of work [5imH 
I14IHB . 19, 22-24 relating to the concepts of anonymous authentication and membership authentication 
wherein entities are authenticated as members of a group but the verifier does not learn the individual 
identities. These schemes largely use public- key cryptography to demonstrate knowledge of a shared 
secret. Whilst anonymity was not the prime focus of our work, we note that the protocols we present 
in this paper provide for some degree of anonymity; specifically, users within an equivalence class U x 
for x € L are indistinguishable to the verifier (and, therefore, anonymous relative to the size of the 
equivalence class). 

Previous work [19l[24] has used the Akl- Taylor key assignment scheme [1] as a building block for 
anonymous authentication schemes. However, these schemes have required additional public-key mech- 
anisms, presumably because the security of the Akl- Taylor scheme is based on the RSA problem. Our 
work is the first, to our knowledge, to use purely symmetric constructions. 

Group and ring signatures. Some membership authentication schemes use group signatures [S][71 
1101115] or ring signatures 1 1 6 LI 2 1 1 to prove knowledge of a secret known only to a group of entities. These 
techniques may be used to construct public- key analogues of our (symmetric-key) protocols. In relation 
to group signatures, our proposal shares the requirement of a trusted authority for initialization of the 
system. However, that authority can reveal the identity of the signer, unlike our scheme(s) and ring 
signatures. Moreover, ring signatures do not require a trusted authority. However, the ease with which 
ring signatures can be created and the inability to trace the source of a signature makes them unsuitable 
for authentication in many scenarios llj. In short, we obtain the control provided by group signatures 
with the anonymity guaranteed by ring signatures. 
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Time-specific encryption. The construction presented in Section l4~2l is similar to an application of 
Time-Specific Encryption (TSE) suggested by Paterson and Quaglia [50]. In their construction, built 
upon identity-based encryption, the information associated to temporal edges are cryptographic keys 
known as Time Instant Keys (TIKs): the key Kt is broadcast at time t and tokens are encrypted with 
time interval keys K[t ,ti] which may only be decrypted using a key Kt> for t! £ [to, ti]. Liveness is assured 
by the use of a suitable TIK whilst authority is implied by the use of a symmetric key shared with the 
verifier. Hence, the verifier must maintain symmetric keys with all possible claimants, which could prove 
intractable in large multi-user systems. In our construction using KASs, we achieve this functionality in 
the symmetric setting using a relatively small number of cryptographic keys (one key per node v G V) 
by having proof of authority come not from the claimant's identity (implied by the shared key in TSE) 
but by proving membership of a group associated with a certain authorization leveljf] 

Notice that in TSE, the broadcasted TIK is the cryptographic key necessary to decrypt the nonce. 
Thus, unauthorized recipients of this broadcast gain quite significant information - in particular, they 
gain the ability to decrypt the token to recover the nonce which may provide an advantage in successfully 
authenticating to the verifier (in particular, they learn the contents of the claimant's message which 
may lead to the compromise of the symmetric key shared between the claimant and the verifier). In 
our construction however, the TIKC is simply edge information that in a regular KAS would be public. 
Thus, a recipient of the edge information should not gain an advantage against a secure KAS construction 
unless in possession of a suitable cryptographic key. 



6 Summary 

In this paper, we have presented a novel use of Key Assignment Schemes to construct entity authenti- 
cation protocols. Such protocols can be used to protect long-term secrets and to efficiently verify that a 
claimant satisfies an authentication policy. Example applications of such protocols include: 

- Enforcing user clearance (for example, when accessing a secured database) . 

- Authentication within a large, or rapidly changing, population where it is infeasiblc to maintain a 
list of currently active entities, but it is possible to issue keys valid for given time periods. 

- Ticket-based authentication, where an entity is provided with a KAS key for a time interval rep- 
resenting a ticket lifetime. Future interactions with services require that the entity authenticate 
using a derived key for the current time period. 

- Authentication in subscription systems where an entity purchases a subscription for a period of 
time and is provided with a KAS key for that interval. When accessing the system, the entity is 
challenged on the key for the current time period (the current day, for example) [f] 

- Authentication wherein entities prove authorization but wish to retain anonymity. 

Further work could investigate how the techniques presented here compare to ones used for similar 
purposes in the public-key setting, such as ring and group signatures, particularly in terms of the appli- 
cations that can be supported and the relative efficiency of the approaches. It may also be interesting 
to look at mitigating denial of service attacks (DOS) on authentication servers by employing KASs in a 
proof of work scheme [13] • In such a deployment, it is envisaged that a KAS be devised in which it is 
'moderately hard' to derive keys and thus knowledge of a key proves that significant work has been done 
and that the server should dedicate resources to the authentication process. The difficulty of deriving 
keys may be adjusted according to demand by releasing additional public information. 

In addition, whilst beyond the scope of this exploratory paper, it is important to consider security 
definitions for KAS-based authentication and in particular whether individual security definitions for 
both KASs and authentication protocols hold when combined. An example problem is the notion of 

3 Of course, if the overhead of pairwise symmetric keys between the verifier and all possible claimants is acceptable, then 
the final message in Protocol 1141 may be encrypted with such a key in order to gain a stronger assurance of the claimant's 
identity and hence authorization. 

4 Similarly, a geo-spatial KAS construction [3] may be used such that an entity is provided with a KAS key representing 
geo-spatial locations. Thus, for example, a mobile entity can be challenged on the key relating to the specific location 
they are attempting to access (for example, attempting to authenticate using a smart card to a secure lock within an office 
building). 
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key indistinguishability for KASs 2 . Informally, this captures the idea that an adversary should not be 
able to distinguish a key belonging to a KAS from a random string. However, when using such keys 
for authentication it becomes easy to distinguish these cases: if authentication succeeds, the adversary 
knows that he holds a 'real' key belonging to the KAS, and thus breaks the key indistinguishability 
property. Finding a suitable security model for KAS-based authentication protocols is, therefore, an 
interesting and important line of future work. 
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